Where is /bin/nologin

Where is /bin/nologin

[gwodus]

I am missing /bin/nologin. 

I need to disable shell access for a user. But it still needs to be able to
accept ssh connects for tunnel only  for that user (ssh -N ...). 

On Linux I would set the login shell in /etc/passed to /sbin/nologin. But I
can't find it on cygwin.

Is there a certain cygwin package I need to install?

Thanks in advance, 
gwodus.
-- 
View this message in context: http://old.nabble.com/Where-is--bin-nologin-tp32647652p32647652.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[David Sastre]

[-- Attachment #1: Type: text/plain, Size: 577 bytes --]

On Thu, Oct 13, 2011 at 11:37:19AM -0700, gwodus wrote:
> 
> I am missing /bin/nologin. 
> 
> I need to disable shell access for a user. But it still needs to be able to
> accept ssh connects for tunnel only  for that user (ssh -N ...). 
> 
> On Linux I would set the login shell in /etc/passed to /sbin/nologin. But I
> can't find it on cygwin.
> 
> Is there a certain cygwin package I need to install?
> 
> Thanks in advance, 
> gwodus.

Does /bin/false serve that purpose?

-- 
Huella de clave primaria: AD8F BDC0 5A2C FD5F A179  60E7 F79B AB04 5299 EC56

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 230 bytes --]

Re: Where is /bin/nologin

[gwodus]

Dawud Medina wrote:
> 
> Does /bin/false serve that purpose?
> 
> -- 
> Huella de clave primaria: AD8F BDC0 5A2C FD5F A179  60E7 F79B AB04 5299
> EC56
> 

Of course!!! Thanks a lot. That's what I was looking for. Thanks.
-- 
View this message in context: http://old.nabble.com/Where-is--bin-nologin-tp32647652p32649084.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[Corinna Vinschen]

On Oct 13 15:44, gwodus wrote:
> 
> 
> Dawud Medina wrote:
> > 
> > Does /bin/false serve that purpose?
> > 
> > -- 
> > Huella de clave primaria: AD8F BDC0 5A2C FD5F A179  60E7 F79B AB04 5299
> > EC56
> > 
> 
> Of course!!! Thanks a lot. That's what I was looking for. Thanks.

Or what about creating your own /sbin/nologin, something like this:

  $ cat > /sbin/nologin <<EOF
  #!/bin/sh
  if [ -f /etc/nologin.txt ]
  then
    cat /etc/nologin.txt
  else
    echo "This account is currently not available."
  fi
  exit 0
  EOF
  $ chmod +x /sbin/nologin


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[Andrey Repin]

Greetings, Corinna Vinschen!

> Or what about creating your own /sbin/nologin, something like this:

>   $ cat > /sbin/nologin <<EOF
>   #!/bin/sh
>   if [ -f /etc/nologin.txt ]
>   then
>     cat /etc/nologin.txt
>   else
>     echo "This account is currently not available."
>   fi
>   exit 0
>   EOF
>   $ chmod +x /sbin/nologin

I would advice against giving any clues about account status, for security
reasons.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 14.10.2011, <14:03>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[Corinna Vinschen]

On Oct 14 14:04, Andrey Repin wrote:
> Greetings, Corinna Vinschen!
> 
> > Or what about creating your own /sbin/nologin, something like this:
> 
> >   $ cat > /sbin/nologin <<EOF
> >   #!/bin/sh
> >   if [ -f /etc/nologin.txt ]
> >   then
> >     cat /etc/nologin.txt
> >   else
> >     echo "This account is currently not available."
> >   fi
> >   exit 0
> >   EOF
> >   $ chmod +x /sbin/nologin
> 
> I would advice against giving any clues about account status, for security
> reasons.

It's what Linux' /sbin/nologin' prints, too.  Actually it's the whole
idea of /sbin/nologin' per the man page:

  $ man nologin
  NOLOGIN(8)                BSD System Manager's Manual               NOLOGIN(8)

  NAME
       nologin — politely refuse a login
  [...]

Just `exit 0' should be replaced with `exit 1' since

  [...]
  nologin displays a message that an account is not available and exits
  non-zero.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[gwodus]

Corinna Vinschen-2 wrote:
> 
> On Oct 14 14:04, Andrey Repin wrote:
>> ...
>> I would advice against giving any clues about account status, for
>> security
>> reasons.
> 
> It's what Linux' /sbin/nologin' prints, too.  Actually it's the whole
> idea of /sbin/nologin' per the man page:
> 
>   $ man nologin
>   NOLOGIN(8)                BSD System Manager's Manual              
> NOLOGIN(8)
> 
>   NAME
>        nologin — politely refuse a login
>   [...]
> 
> Just `exit 0' should be replaced with `exit 1' since
> 
>   [...]
>   nologin displays a message that an account is not available and exits
>   non-zero.
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 

Nice script! Would be cool if it would be part of cygwin. Btw. was the
/etc/nologin.txt your addition? I think the original nologin doesn't even do
that. At least not on Debian, where I just checked. 

Although in general I agree with Andrey. I forgot all about /bin/false. So I
am using that now. In fact I checked on my Linux box. I see that most
"no-shell" users have /bin/false in /etc/passwd (like ftp or mysql). But
others have nologin (e.g. user sshd on my machine).

Thanks,
gwodus.
-- 
View this message in context: http://old.nabble.com/Where-is--bin-nologin-tp32647652p32657023.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[Corinna Vinschen]

On Oct 15 01:24, gwodus wrote:
> Nice script! Would be cool if it would be part of cygwin. Btw. was the
> /etc/nologin.txt your addition? I think the original nologin doesn't even do
> that. At least not on Debian, where I just checked. 

It does on Fedora.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Where is /bin/nologin

[Andrey Repin]

Greetings, Corinna Vinschen!

>> I would advice against giving any clues about account status, for security
>> reasons.

> It's what Linux' /sbin/nologin' prints, too.  Actually it's the whole
> idea of /sbin/nologin' per the man page:

Right you are. However, I haven't seen /bin/nologin used on any Linux box I've
come across in all my Linux experience. :)
It was /bin/false for accounts you don't want to be logged in locally.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 17.10.2011, <17:58>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple